fl_setup.exe

Spincommand

This file is published and distributed via Adknowledge's advertising-supported (adware) software installer. The application fl_setup.exe, “Swift Installer” by Spincommand, has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from 65260255.dwnld08.com and multiple other hosts.
Publisher:
Swift Installer   (signed by Spincommand)

Product:
Swift Installer

Description:
Swift Installer

Version:
2.4.8.1

MD5:
813d8d003de93bf3f855216a5367e127

SHA-1:
d9203f4d9b4f5c1f0a68128cb1b966c587baa56d

SHA-256:
51a01d8ebdc8065193380c43f0f45f3147ae4eac07c70f185d4120f037ede637

Scanner detections:
25 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/15/2025 5:20:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.35 | 6480224 |
| AhnLab V3 Security | | 2015.01.30 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.205.220 |
| AVG | Adware AdPlugin.BZE | 2014.0.4257 |
| Bitdefender | Gen:Variant.Application.Bundler.35 | 1.0.20.145 |
| Clam AntiVirus | Win.Adware.Strictor-355 | 0.98/19994 |
| Comodo Security | Application.Win32.iBryte.EBK | 20890 |
| Dr.Web | Trojan.iBryte.128 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.35 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.iBryte.BY application | 7.0.302.0 |
| F-Prot | W32/S-04e100a9 | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.13.68 |
| G Data | Gen:Variant.Application.Bundler.35 | 15.1.25 |
| IKARUS anti.virus | AdWare.AdPlugin | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.193.14803 |
| Kaspersky | Trojan.Win32.Badur | 15.0.0.543 |
| Malwarebytes | PUP.Optional.iBryte | v2015.01.29.02 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.35 | 16.0.0.87 |
| NANO AntiVirus | Riskware.Win32.IBryte.dkjxzo | 0.30.0.65070 |
| Norman | Gen:Variant.Adware.Strictor.72752 | 02.01.2015 13:58:24 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.29.02 |
| Reason Heuristics | PUP.Installer.Adknowledge | 15.1.29.14 |
| Vba32 AntiVirus | Trojan.Badur | 3.12.26.3 |
| VIPRE Antivirus | Threat.4798837 | 36694 |
| Zillya! Antivirus | Adware.iBryte.Win32.4058 | 2.0.0.2049 |

File size:
418.4 KB (428,408 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Swift Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fl_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/13/2014 7:00:00 PM

Valid to:
7/14/2015 6:59:59 PM

Subject:
CN=Spincommand, O=Spincommand, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F49870F5D3FA7D981D0069DE3D2EBBC7

File PE Metadata
Compilation timestamp:
12/15/2014 12:00:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ZwVzBD00UW2iRI0iVOBhQrM2Q0Bto9pzmn1LJvIAD:ZCzBA0n2PVAQrM2Q0Bc1mfvT

Entry address:
0x15D03

Entry point:
E8, BF, 8C, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 68, 70, 5D, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 9C, 55, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 9C...

Entropy:
5.8573

Code size:
161 KB (164,864 bytes)

The file fl_setup.exe has been seen being distributed by the following 2 URLs.
